IRS Tax News

<< First  < Prev   1   2   3   4   5   ...   Next >  Last >> 
  • 15 Aug 2019 8:36 AM | Maureen Gelwicks (Administrator)

    WASHINGTON — The Internal Revenue Service is automatically waiving the estimated tax penalty for the more than 400,000 eligible taxpayers who already filed their 2018 federal income tax returns but did not claim the waiver.

    The IRS will apply this waiver to tax accounts of all eligible taxpayers, so there is no need to contact the IRS to apply for or request the waiver.

    Earlier this year, the IRS lowered the usual 90% penalty threshold to 80% to help taxpayers whose withholding and estimated tax payments fell short of their total 2018 tax liability. The agency also removed the requirement that estimated tax payments be made in four equal installments, as long as they were all made by Jan. 15, 2019. The 90% threshold was initially lowered to 85% on Jan 16 and further lowered to 80% on March 22.

    The automatic waiver applies to any individual taxpayer who paid at least 80% of their total tax liability through federal income tax withholding or quarterly estimated tax payments but did not claim the special waiver available to them when they filed their 2018 return earlier this year.

    “The IRS is taking this step to help affected taxpayers,” said IRS Commissioner Chuck Rettig. “This waiver is designed to provide relief to any person who filed too early to take advantage of the waiver or was unaware of it when they filed.”

    Refunds planned for eligible taxpayers who paid penalty
    Over the next few months, the IRS will mail copies of notices CP 21 granting this relief to affected taxpayers. Any eligible taxpayer who already paid the penalty will also receive a refund check about three weeks after their CP21 notice regardless if they requested penalty relief. The agency emphasized that eligible taxpayers who have already filed a 2018 return do not need to request penalty relief, contact the IRS or take any other action to receive this relief.

    For those yet to file, the IRS urges every eligible taxpayer to claim the waiver on their return. This includes those with tax-filing extensions due to run out on Oct. 15, 2019. The quickest and easiest way is to file electronically and take advantage of the waiver computation built into their tax software package. Those who choose to file on paper can fill out Form 2210 and attach it to their 2018 return. See the instructions to Form 2210 for details.

    Because the U.S. tax system is pay-as-you-go, taxpayers are required by law to pay most of their tax obligation during the year, rather than at the end of the year. This can be done by having tax withheld from paychecks, pension payments or Social Security benefits, making estimated tax payments or a combination of these methods.
               
    Like last year, the IRS urges everyone to do a “Paycheck Checkup” and review their withholding for 2019. This is especially important for anyone who faced an unexpected tax bill or a penalty when they filed this year. It’s also an important step for those who made withholding adjustments in 2018 or had a major life change. Those most at risk of having too little tax withheld include those who itemized in the past but now take the increased standard deduction, as well as two wage earner households, employees with nonwage sources of income and those with complex tax situations.

    To get started, check out the new Tax Withholding Estimator, available on IRS.gov. More information about tax withholding and estimated tax can be found on the agency’s Pay As You Go web page, as well as in Publication 505.


  • 13 Aug 2019 12:27 PM | Maureen Gelwicks (Administrator)

    Tax professionals urged to report thefts immediately; create recovery plan

    WASHINGTON — The Internal Revenue Service and its Security Summit partners today reminded tax professionals that they should report data theft immediately to the IRS and follow an established process for helping the IRS protect their clients.

    If notified promptly, the IRS can help stop fraudulent tax returns from being filed in clients’ names, thereby avoiding refund delays and other problems for the affected tax professional. But this action requires the cooperation of the tax professional with the IRS.

    The IRS, state tax agencies and the private-sector tax industry are calling on all tax professionals to pause this summer and review their security measures and make appropriate changes. Acting as the Security Summit, the partners created a special “Taxes-Security-Together” checklist to help tax professionals with this review. Fraudulent returns using stolen tax data are harder to detect.

    “Our objective is to get every tax professional to stop and think about client data security. The ‘Taxes-Security-Together’ Checklist is intended as a starting point, spelling out the basic steps necessary to start a security review,” said Chuck Rettig, IRS Commissioner. “Practitioners are the first line of defense against organized criminal syndicates running these identity theft scams. Despite our progress, this is no time to let down our guard in the tax community. We need your help.”

    Creating a data theft recovery plan is the fifth and final action item in this summer’s Security Summit series. Previous checklist topics included: deploying the “Security Six” safeguards, creating a written data security plan, educating yourself on phishing scams and recognizing the signs of data theft.

    Checklist Item 5: Create a data theft recovery plan

    Rather than wait for an emergency, tax professionals should consider creating a data theft recovery plan in advance and make calling the IRS an immediate action item. Having an action plan can save valuable time and protect your clients and yourself. Should a tax professional experience a data compromise – whether by cybercriminals, theft or just an accident – there are certain basic steps to take.  These include:

    Contacting the IRS and law enforcement:

    • Internal Revenue Service. Report client data theft to local IRS Stakeholder Liaisons, who will notify IRS Criminal Investigation and others within the agency on the tax professional’s behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients’ names, helping your firm and your clients.
    • Federal Bureau of Investigation, local office (if directed).
    • Secret Service, local office (if directed).

    Contacting states in which the tax professional prepares state returns:

    • State revenue agencies. Any breach of personal information could have an effect on the victim’s tax accounts with the state revenue agencies as well as the IRS. To help tax professionals find where to report data security incidents at the state level, the Federation of Tax Administrators has created a special email address as a contact point: StateAlert@taxadmin.org.
    • State Attorneys General for each state in which the tax professional prepares returns.  Most states require that the attorney general be notified of data breaches, so this notification process may involve multiple offices in some locations.

    Contacting experts:

    • Security expert. They can help determine the cause and scope of the breach as well as stop the breach and prevent further breaches from occurring.
    • Insurance company. Not only to report the breach, but to check if the insurance policy covers data breach mitigation expenses.

    Contacting clients and other services:

    • Federal Trade Commission for guidance for businesses. For more individualized guidance, contact the FTC at idt-brt@ftc.gov.
    • Credit / identity theft protection agency. Certain states require offering credit monitoring and identity theft protection to victims of identity theft.
    • Credit bureaus. Notifying them if there is a compromise and your clients may seek their services.
    • Clients. At a minimum, send an individual letter to all victims to inform them of the breach but work with law enforcement on timing. Clients should complete IRS Form 14039, Identity Theft Affidavit, but only if their e-filed return is rejected because of a duplicate Social Security number or they are instructed to do so.
    • Remember: IRS toll-free assisters cannot accept third-party notification of tax-related identity theft. Again, preparers should use their local IRS Stakeholder Liaison to report data loss.

    The objective of the “Taxes-Security-Together” Checklist is to ensure all tax professionals, whether a one-person shop or a major firm, understand the risk posed by national and international criminal syndicates, take the appropriate steps to protect their clients and business and understand the laws around their obligation to secure that data.

    “The number of tax professionals reporting data thefts to the IRS remains too high, and it puts tens of thousands of taxpayers at risk for identity theft,” Rettig said. “We hope tax professionals will use the Summit checklist as a starting point, not an end point, to protect their client’s data — and themselves. It’s not only a good business practice, it’s the law.”

    Reporting schemes helps everyone

    The IRS, states and tax industry share information about scams and schemes through their Identity Theft Tax Refund Fraud Information Sharing and Analysis Center, which allows the partners to rapidly respond to emerging threats. When tax professionals report data thefts to the IRS, it enables the partners to identify new schemes.

    The ability to share information about emerging threats is critical to the ability to combat identity theft and refund fraud. Thieves are constantly creating new scams to trick tax professionals and taxpayers into divulging sensitive information.

    Additional Resources

    The Security Summit reminds all tax professionals that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

    Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax pros should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

    Reminder: The Taxes-Security-Together Checklist

    During this special Security Summit series, the checklist highlighted these key areas:


  • 07 Aug 2019 9:28 AM | Maureen Gelwicks (Administrator)

    IRS, states and industry offer tips to tax professionals on spotting signs of client data theft

    WASHINGTON — The Internal Revenue Service and its Security Summit partners today urged tax professionals to learn the tell-tale signs that their office may have experienced a data theft that resulted in fraudulent tax returns being filed in their clients’ names.

    The IRS, state tax agencies and the private-sector tax industry, working together as the Security Summit, warned practitioners that global criminal syndicates remain active, and they are well financed, high skilled and tax savvy in their attempts to gain sensitive tax data.

    The reminder came as the IRS and the Summit partners encouraged tax professionals to take time this summer to review their data security protection. To help the tax community, the Summit partners offered a new “Taxes-Security-Together” Checklist as a starting point.

    “Learning the signs of identity theft is critical for anyone handling taxpayer data,” said IRS Commissioner Chuck Rettig. “It can be as subtle as an unusually slow computer system or as obvious as multiple clients unexpectedly receiving the same IRS notice. Paying attention to these details is critical, and fast action alerting the IRS and calling in a security expert can help protect taxpayers and your business.”

    Recognizing the signs of data theft is the fourth item on the “Taxes-Security-Together” Checklist. Previous checklist items include: deploying the “Security Six” basic steps, creating a written data security plan and educating yourself on email phishing scams.

    Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community started in 2015 -- is making major progress against tax-related identity theft, cybercriminals continue to quickly evolve, and data thefts at tax professionals’ offices remain a major attack point. Thieves use stolen data from tax practitioners to create fraudulent returns that are harder for Summit partners to detect.

    Recognize the signs of client data theft

    The IRS and Summit partners have created a list of warning signs that a tax professional or their office may have experienced a data theft:

    • Client e-filed returns begin to be rejected by the IRS or state tax agencies because returns with their Social Security numbers were already filed;
    • Clients who haven’t filed tax returns begin to receive taxpayer authentication letters (5071C, 4883C, 5747C) from the IRS to confirm their identity for a submitted tax return.
    • Clients who haven’t filed tax returns receive refunds;
    • Clients receive tax transcripts that they did not request;
    • Clients who created an IRS Online Services account receive an IRS notice that their account was accessed or IRS emails stating their account has been disabled. Another variation: Clients unexpectedly receive an IRS notice that an IRS online account was created in their names;
    • The number of returns filed with the tax professional’s Electronic Filing Identification Number (EFIN) exceeds the number of clients;
    • Tax professionals or clients responding to emails that the firm did not send;
    • Network computers running slower than normal;
    • Computer cursors moving or changing numbers without touching the keyboard;
    • Network computers locking out employees.

    “Tax professionals should be on the lookout for these scary scenarios that have hit firms across the country, jeopardizing data of the company and their clients,” Rettig said.

    Because IRS and state tax systems will only accept one unique Social Security number, taxpayers often discover they are a victim when they attempt to e-file and their tax return is rejected because a return with their SSN already is in the system. Or, more commonly, the IRS identifies a return that could be an identity theft return and sends a letter to the taxpayer asking them to contact the agency to let the IRS know if they filed the return.

    Identity thieves sometimes try to leverage the stolen data by using taxpayer information to access the IRS Get Transcript system. Taxpayers who receive transcripts by mail but did not order them are sometimes victims of this approach. Get Transcript Online is protected by a robust, two-factor authentication process. But crooks may still try to use stolen identities to try to create Get Transcript accounts, which results in the IRS disabling the account and sending the taxpayer a letter.

    During the tax filing season, tax professionals should make a weekly review of returns filed with the office’s Electronic Filing Identification Number, or EFIN. A report is updated weekly. Tax preparers can access their e-File applications and select “check EFIN status” to see a count. If the numbers are inflated, practitioners should contact the IRS e-Help Desk.

    Tax professionals may also notice IRS acknowledgements for returns they did not e-file. Acknowledgements are sent soon after a return is transmitted.

    Tax professionals who fall victim to spear phishing email scams, a common way cybercriminals access office computer, may suddenly see responses to emails they never sent. If a practitioner mistakenly provides username and password information to the thief, the thief often harvests the practitioner’s contact list, stealing names and email addresses of colleagues and clients and enabling the crooks to use the tax firm to expand their spear phishing scam.

    Always be alert to phishing scams, even if the emails appear to come from a colleague or client. If the language sounds a bit off or if the request seems unusual, contact the “sender” by phone to verify rather than opening a link or attachment.

    Finally, there are several signs that office computer systems may be under attack or may be under remote control, such as the cursor moving with no one at the keyboard. The IRS is aware of many examples in which cybercriminals gained access to practitioners’ office computers, complete the pending Form 1040s, change electronic deposit information to their own accounts and then e-filed the returns – all performed remotely.

    Tax professionals who notice any signs of identity theft should contact their state’s IRS Stakeholder Liaison immediately. The process for reporting data theft to the IRS is outlined in Data Theft Information for Tax Professionals.

    In some states, data thefts must be reported to various authorities. To help tax professionals find where to report data security incidents at the state level, the Federation of Tax Administrators has created a special page with state-by-state listings.

    Additional Resources

    The Security Summit reminds all professional tax preparers to have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. They can also get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

    Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax pros should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

    The Taxes-Security-Together Checklist

    During this special Security Summit series, the checklist will highlight these key areas for tax professionals:


  • 06 Aug 2019 12:01 PM | Maureen Gelwicks (Administrator)

    WASHINGTON — The Internal Revenue Service today launched the new Tax Withholding Estimator, an expanded, mobile-friendly online tool designed to make it easier for everyone to have the right amount of tax withheld during the year.

    The Tax Withholding Estimator replaces the Withholding Calculator, which offered workers a convenient online method for checking their withholding. The new Tax Withholding Estimator offers workers, as well as retirees, self-employed individuals and other taxpayers, a more user-friendly step-by-step tool for effectively tailoring the amount of income tax they have withheld from wages and pension payments.

    “The new estimator takes a new approach and makes it easier for taxpayers to review their withholding,” said IRS Commissioner Chuck Rettig. “This is part of an ongoing effort by the IRS to improve quality services as we continue to pursue modernization and enhancements of our taxpayer relationships.”

    The IRS took the feedback and concerns of taxpayers and tax professionals to develop the Tax Withholding Estimator, which offers a variety of new user-friendly features including:

    • Plain language throughout the tool to improve comprehension.
    • The ability to more effectively target at the time of filing either a tax due amount close to zero or a refund amount.
    • A new progress tracker to help users see how much more information they need to input.
    • The ability to move back and forth through the steps, correct previous entries and skip questions that don’t apply.
    • Enhanced tips and links to help the user quickly determine if they qualify for various tax credits and deductions.
    • Self-employment tax for a user who has self-employment income in addition to wages or pensions.
    • Automatic calculation of the taxable portion of any Social Security benefits.
    • A mobile-friendly design.

    In addition, the new Tax Withholding Estimator makes it easier to enter wages and withholding for each job held by the taxpayer and their spouse, as well as separately entering pensions and other sources of income. At the end of the process, the tool makes specific withholding recommendations for each job and each spouse and clearly explains what the taxpayer should do next.

    The new Tax Withholding Estimator will help anyone doing tax planning for the last few months of 2019. Like last year, the IRS urges everyone to do a Paycheck Checkup and review their withholding for 2019. This is especially important for anyone who faced an unexpected tax bill or a penalty when they filed this year. It’s also an important step for those who made withholding adjustments in 2018 or had a major life change.

    Those most at risk of having too little tax withheld include those who itemized in the past but now take the increased standard deduction, as well as two-wage-earner households, employees with nonwage sources of income and those with complex tax situations.

    To get started, check out the Tax Withholding Estimator on IRS.gov.


  • 31 Jul 2019 1:56 PM | Maureen Gelwicks (Administrator)

    IRS, Security Summit partners alert tax professionals to the risks posed by phishing emails; education key to protecting taxpayer data

    WASHINGTON — The IRS, states and tax industry partners today warned tax professionals to beware of the continuing threat of phishing emails, which remain the most common tactic used by cybercriminals to steal sensitive data.

    The reminder came as the IRS and its Security Summit partners urged tax professionals to take time this summer to review their data security protections. To help this effort, the Summit partners prepared a special “Taxes-Security-Together” Checklist as a starting point.
     
    “You can take all the cybersecurity steps in the world, but tax professionals and others in the business world should remember you are only as safe as your least educated employee,” said Chuck Rettig, IRS Commissioner. “Cybercriminals use phishing emails and malware to gain control of computer systems or to steal usernames and passwords. These can provide a treasure trove of information that can lead to tax-related identity theft.”

    Educating personnel on the dangers of phishing emails is the third item on the “Taxes-Security-Together” Checklist. This summer awareness initiative also has covered deploying the “Security Six” basic steps to protect computers and email as well as creating a data security plan.
     
    Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community -- is making major progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices continue to be seen across the nation. Thieves use stolen data from tax practitioners to create fraudulent returns that are harder for the IRS and Summit partners to detect.
     
    Tax pros: Educate yourself on phishing emails

    More than 90% of all data thefts start with a phishing email. The employee may open a link that takes them to a fake site or open an attachment that is embedded with malware that secretly downloads onto their computers.
     
    The IRS often sees tax professionals victimized after being targeted with a tactic called spear phishing. The objective of a spear phishing email is to pose as a trusted source and “bait” the recipient into opening an embedded link or an attachment. The email may make an urgent plea to the tax pro to update an account immediately. A link may seem to go to another trusted website, for example a cloud storage or tax software provider login page, but it’s actually a website controlled by the thief.
     
    An attachment may contain malicious software called keylogging, which secretly infects computers and provides the thief with the ability to see every keystroke. Thieves can steal passwords to various accounts or even take remote control of computers, enabling them to steal taxpayer data.
     
    Common spear phishing scams seen by the IRS include thieves posing as prospective clients, sending unsolicited emails to tax professionals. After an exchange of emails, the thief sends an email with an attachment, claiming it contains the tax information needed to prepare a return. Instead, it contains spyware that allows thieves to track each keystroke.

    The IRS also sees thieves posing as tax software providers or data storage providers with emails containing links that go to web pages that mirror real sites. The thieves’ goal is to trick tax professionals into entering their usernames and passwords into these fake sites, which the crooks then steal.
     
    Another trick used by thieves is rather than stealing the data, they encrypt it, a practice known as ransomware. Once they encrypt the data, thieves demand a ransom in return for the code to unencrypt the data. The Federal Bureau of Investigation warns users not to pay the ransom because thieves often do not provide the code. The FBI has called ransomware attacks a growing threat to businesses and others. 
     
    Educated employees are the key to avoiding phishing scams, and office systems are only as safe as the least informed employee. These simple steps also can help protect against stolen data: 

    • Use separate personal and business email accounts; protect email accounts with strong passwords and two-factor authentication if available.
    • Install an anti-phishing tool bar to help identify known phishing sites. Anti-phishing tools may be included in security software products.
    • Use security software to help protect systems from malware and scan emails for viruses.
    • Never open or download attachments from unknown senders, including potential clients; make contact first by phone, for example.
    • Send only password-protected and encrypted documents if files must be shared with clients via email.
    • Do not respond to suspicious or unknown emails; if IRS-related, forward to phishing@irs.gov.

    Additional resources

    The Security Summit reminds all tax professionals that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

    Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

    The Taxes-Security-Together Checklist

    During this special Security Summit series, the checklist highlights these key areas for tax professionals:


  • 31 Jul 2019 11:48 AM | Maureen Gelwicks (Administrator)

    WASHINGTON — The Internal Revenue Service today issued a Revenue Procedure allowing a taxpayer to make a late election, or to revoke an election, under section 168(k) for certain property acquired by the taxpayer after September 27, 2017, and placed in service by the taxpayer during its taxable year that includes September 28, 2017.

    The Tax Cuts and Jobs Act made several changes to bonus depreciation. For example, the additional first year depreciation deduction percentage was increased from 50 to 100 percent. The property eligible for the additional first year depreciation deduction was expanded to include certain used depreciable property and certain film, television, or live theatrical productions; the placed-in-service date was extended to before January 1, 2027. Finally, the date on which a specified plant is planted or grafted by the taxpayer was extended to before January 1, 2027.

    There are three additional first year depreciation deduction elections. A taxpayer can elect not to deduct the additional first year depreciation for all qualified property that is in the same class of property and placed in service by the taxpayer in the same tax year.   Secondly a taxpayer can elect to deduct 50-percent, instead of 100-percent, additional first year depreciation for all qualified property acquired after September 27, 2017, and placed in service by the taxpayer during its taxable year that includes September 28, 2017. 

    Finally, a taxpayer can elect to deduct additional first year depreciation for any specified plant that is planted after September 27, 2017 and before January 1, 2027, or grafted after and before those dates to a plant that has already been planted.  If the taxpayer makes this election, the additional first year depreciation deduction is allowable for the specified plant in the taxable year in which that plant is planted or grafted.

    The Revenue Procedure applies to these elections for the taxable year that includes September 28, 2017.  If a taxpayer did not make these elections timely for that taxable year, the Revenue Procedure allows the taxpayer to make late elections by filing an amended return or a Form 3115 for a limited period of time.  If a taxpayer did make these elections timely for that taxable year, the Revenue Procedure also allows the taxpayer to revoke the elections by filing an amended return or a Form 3115 for a limited period of time. 

    Updates on the implementation of the TCJA can be found on the Tax Reform page of IRS.gov.

  • 29 Jul 2019 2:19 PM | Maureen Gelwicks (Administrator)

    WASHINGTON — The Internal Revenue Service will conduct a webinar Aug. 1 for employers and tax professionals focusing on employment and payroll taxes.

    Federal law requires most employers to withhold federal income taxes from their employees' wages. These taxes must be deposited, along with the employer and employee portion of Social Security and Medicare taxes, and reported to the IRS. Last year, the IRS processed over 30 million employment tax returns and collected over $1 trillion in employment taxes.

    The free 60-minute webinar is open to tax professionals, employers and anyone else interested in the topic. Tax pros can earn one continuing education credit. Subjects such as common mistakes, how employers can monitor and limit their risks, as well as options for delinquent businesses to repay back taxes will be discussed.

    The webinar will provide an overview of:

    • Common employment/payroll tax mistakes businesses make
    • Mitigating risks when using a third party to handle employment/payroll tax
    • Tools and advice for employers on how to monitor their compliance and limit risks
    • IRS help for businesses behind on their employment/payroll taxes
    • IRS enforcement authority (liens, levies, seizures and criminal referrals)  

    A live question and answer session will be included to help attendees understand how to best meet these obligations and stay compliant.

    The webinar will be Thursday, Aug. 1, 2019, at 2 p.m. Eastern time. Interested participants can register online.

    The webinar will be offered with closed captioning for viewers who are deaf or hard of hearing. Questions before the webinar can be sent to:  cl.sl.web.conference.team@irs.gov.

    More information is available at Understanding Employment Taxes and Employment Taxes on IRS.gov. Archived webinars are available at www.irsvideos.gov.


  • 23 Jul 2019 1:13 PM | Maureen Gelwicks (Administrator)

    IRS, Security Summit partners remind practitioners that all ‘professional tax preparers’ must create a written data security plan to protect clients

    WASHINGTON — The IRS, state tax agencies and the nation’s tax industry today reminded all “professional tax preparers” that federal law requires them to create a written information security plan to protect their clients’ data.

    The reminder came as the IRS and its Security Summit partners urged tax professionals to take time this summer to review their data security protections. To help them in this complex area, the Summit created a special “Taxes-Security-Together” Checklist as a starting point.

    “Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.”

    Creating a data security plan is the second item on the “Taxes-Security-Together” Checklist. The first step for tax professionals involved deploying the “Security Six” basic steps to protect computers and email.

    Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community -- is making major progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices remain a major threat. Thieves use stolen data from tax practitioners to create fraudulent returns that can be harder for the IRS and Summit partners to detect.

    Create a data security plan under federal law

    The Security Summit partners noted that many in the tax professional community do not realize they are required under federal law to have a data security plan.

    The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley (GLB) Act, gives the Federal Trade Commission authority to set information safeguard regulations for various entities, including professional tax return preparers. According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation. The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.

    The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities and the sensitivity of the customer information it handles. According to the FTC, each company, as part of its plan, must:

    • designate one or more employees to coordinate its information security program;
    • identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
    • design and implement a safeguards program and regularly monitor and test it;
    • select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
    • evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

    The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances. The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operations.

    Please note: The FTC currently is re-evaluating the Safeguards Rule and has proposed new regulations. Be alert to any changes in the Safeguards Rule and its effect on the tax preparation community.

    IRS Publication 4557, Safeguarding Taxpayer Data, details critical security measures that all tax professionals should enact. The publication also includes information on how to comply with the FTC Safeguards Rule, including a checklist of items for a prospective data security plan. Tax professionals are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.

    Additional data protection provisions may apply

    The IRS and certain Internal Revenue Code (IRC) sections also focus on protection of taxpayer information and requirements of tax professionals. Here are a few examples:

    • IRS Publication 3112 - IRS e-File Application and Participation, states: Safeguarding of IRS e-file from fraud and abuse is the shared responsibility of the IRS and Authorized IRS e-file Providers. Providers must be diligent in recognizing fraud and abuse, reporting it to the IRS, and preventing it when possible. Providers must also cooperate with the IRS’ investigations by making available to the IRS upon request information and documents related to returns with potential fraud or abuse.
    • IRC, Section 7216 - This IRS code provision imposes criminal penalties on any person engaged in the business of preparing or providing services in connection with the preparation of tax returns who knowingly or recklessly makes unauthorized disclosures or uses information furnished to them in connection with the preparation of an income tax return.
    • IRC, Section 6713 - This code provision imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns.
    • IRS Revenue Procedure 2007-40 - This legal guidance requires authorized IRS e-file providers to have security systems in place to prevent unauthorized access to taxpayer accounts and personal information by third parties. It also specifies that violations of the GLB Act and the implementing rules and regulations put into effect by the FTC, as well as violations of non-disclosure rules addressed in IRC sections 6713 and 7216, are considered violations of Revenue Procedure 2007-40. These violations are subject to penalties or sanctions specified in the Revenue Procedure.
       
      Many state laws govern or relate to the privacy and security of financial data, which includes taxpayer data. They extend rights and remedies to consumers by requiring individuals and businesses that offer financial services to safeguard nonpublic personal information. For more information on state laws that businesses must follow, consult state laws and regulations.

    Where to report data theft for the IRS, states

    To notify the IRS in case of data theft, contact the appropriate local IRS Stakeholder Liaison.

    In some states, data thefts must be reported to various authorities. Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.

    Additional resources

    Tax professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

    Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

    The Taxes-Security-Together Checklist

    During this special Security Summit series, the checklist highlights these key areas for tax professionals:

    • Deploy “Security Six” basic safeguards
    • Create data security plan
    • Educate yourself on phishing scams
    • Recognize the signs of client data theft
    • Create a data theft recovery plan, and call the IRS immediately


  • 09 Jul 2019 12:31 PM | Maureen Gelwicks (Administrator)

    IRS, Security Summit partners urge tax professionals to review their practices, enhance safeguards to protect taxpayer data

    IRS YouTube Videos:
    Tax Security 2.0: Taxes-Security-Together Checklist: English

    WASHINGTON — Leaders from the IRS, state tax agencies and the tax industry today called on tax professionals nationwide to take time this summer to review their current security practices, enhance safeguards where necessary and take steps to protect their businesses from global cybercriminal syndicates prowling the Internet.

    Despite major progress by the IRS and the Security Summit partners against identity theft, evolving tactics continue to threaten the tax community and the sensitive data of taxpayers.
     
    To help combat this, the Security Summit partners created a new “Taxes-Security-Together” Checklist to serve as a starting point for tax professionals. Beginning next week, the IRS and Summit partners will issue a series of five Tax Security 2.0 news releases highlighting “Taxes-Security-Together” Checklist action items.  
     
    “The IRS, the states and the private sector tax industry have taken major steps to protect taxpayers and their data,” said IRS Commissioner Chuck Rettig. “But a major risk remains, regardless of whether you are the sole tax practitioner in your office or part of a multi-partner accounting firm. To help with this, we assembled a security checklist to assist the tax community. We hope tax professionals will use our checklist as a starting point to do everything necessary to protect their client’s data.”
     
    The Security Summit — a partnership between the IRS, states and the private-sector tax community — started in 2015 to combat identity theft and protect taxpayers. Key IRS data show the Summit continues making major progress against tax-related identity theft. Between 2015 and 2018, key indicators showed:

    • The number of taxpayers who reported to the IRS that they were victims of identity theft fell 71 percent. In 2018, the IRS received 199,000 identity theft affidavits from taxpayers compared to 677,000 in 2015. This was the third consecutive year this number declined.
    • The number of confirmed identity theft returns stopped by the IRS declined by 54 percent, falling from 1.4 million in 2015 to 649,000 in 2018.

    As the Summit has increased the tax community’s defenses against identity theft and refund fraud, cybercriminals continue to evolve. Increasingly, they look to data thefts at tax professionals’ offices to obtain large amounts of sensitive taxpayer data. Thieves then use stolen data from tax professionals to create fraudulent returns that are harder to detect.
     
    The ‘Taxes-Security-Together’ Checklist
     
    The Summit partners urge the tax community to review these basic security steps this summer. Some tax pros may routinely overlook these checklist items and others need to regularly revisit them. The steps are not only important for tax practitioners, but for taxpayers as well. Everyone has a responsibility to protect sensitive data.
     
    The Taxes-Security-Together checklist highlights key security features 
     
    √ Deploy the “Security Six” measures:

    • Activate anti-virus software.
    • Use a firewall.
    • Opt for two-factor authentication when it’s offered.
    • Use backup software/services.
    • Use Drive encryption.
    • Create and secure Virtual Private Networks.

    √ Create a data security plan:

    • Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data.
    • The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large.
    • Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.

    √ Educate yourself and be alert to key email scams, a frequent risk area involving:

    • Learn about spear phishing emails.
    • Beware ransomware.

    √ Recognize the signs of client data theft:

    • Clients receive IRS letters about suspicious tax returns in their name.
    • More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
    • Clients receive tax transcripts they did not request.

    √ Create a data theft recovery plan including:

    • Contact the local IRS Stakeholder Liaison immediately.
    • Assist the IRS in protecting clients’ accounts.
    • Contract with a cybersecurity expert to help prevent and stop thefts.

    Security Summit partners/tax professionals urge review
     
    “The states and our partners have made progress in the fight against tax-related identity theft, but criminals continue to evolve. We cannot let our guard down in this fight because our common enemy is well-funded, technologically skilled and savvy about state and federal tax processes,” said Sharonne Bonardi, president of the Board of Trustees of the Federation of Tax Administrators and Deputy Comptroller in Maryland. “To make this work, we need help from individual tax professionals across the nation.”

    Checklist marks third year of Summit campaigns aimed at tax professional community

    This year’s Tax Security 2.0 effort involving the Security Checklist is the third summer campaign in a row involving the Summit partners. The effort follows feedback and recommendations from the Electronic Tax Administration Advisory Committee (ETAAC) that encouraged the Summit partners to expand and intensify outreach efforts to the tax professional community on identity theft and security issues.

    This year’s campaign also coincides with this summer’s IRS Nationwide Tax Forums, which will again feature a major focus on security protection for tax professionals. The sessions will provide continuing education credits for sessions led by experts from inside and outside the IRS. The American Coalition for Taxpayer Rights also will again sponsor special sessions with experts from the Pell Center for International Relations and Public Policy at Salve Regina University in Rhode Island.

    Last year, Summit education effort focused on Protect Your Clients, Protect Yourself: Tax Security 101. In 2017, the campaign highlighted email schemes in Don’t Take the Bait.

    Separate Summit initiatives focus on identity theft awareness for individual taxpayers and consumer alerts for developing tax scams and schemes.

    Resources available for tax professionals
     
    Tax professionals also can get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

    Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.


  • 18 Jun 2019 12:55 PM | Maureen Gelwicks (Administrator)

    WASHINGTON — The Treasury Department and Internal Revenue Service today issued legal guidance under the 2017 Tax Cuts and Jobs Act (TCJA) and the Consolidated Appropriations Act of 2018 providing information on certain deductions to cooperatives and their patrons.

    The proposed regulations issued today provide guidance for cooperatives and their patrons on calculating the deduction for qualified business income - the QBI deduction - and the deduction for domestic production activities for agricultural or horticultural cooperatives and their patrons (the Section 199A(g) deduction). In addition, Notice 2019-27, posted today on IRS.gov, contains a proposed revenue procedure providing guidance on methods for calculating W-2 wages for purposes of section 199A(g).

    Final regulations on the new QBI deduction were published on Jan. 18, 2019. The QBI deduction is available for tax years beginning after Dec. 31, 2017, for taxpayers, including certain patrons of cooperatives, with income from a domestic business operated as a sole proprietorship, a partnership, S corporation, trust or estate. The QBI deduction is up to 20 percent of the qualified business income from the business. Some taxpayers may also be allowed a deduction up to 20 percent of qualified real estate investment trust dividends and publicly traded partnership income. 

    Patrons’ deduction

    Certain patrons who conduct business through cooperatives may be able to include patronage dividends and similar amounts they receive from those cooperatives to calculate their own QBI deduction. For example, a farmer receiving patronage dividends from a marketing cooperative through which the farmer sells agricultural products may be able to include these dividends in calculating the QBI deduction from the farmer’s agricultural business. The proposed regulations provide guidance to cooperatives and patrons regarding the QBI deduction.

    Certain patrons, like farmers, must reduce their QBI deduction if they receive qualified payments from specified agricultural or horticultural cooperatives. The QBI deduction must be reduced by either 9 percent of the QBI from each business related to the qualified payments, or 50 percent of the wages allocated to each such business, whichever is the smaller amount. The proposed regulations provide guidance to patrons regarding the reduction to the QBI deduction. 

    Specified agricultural or horticultural cooperatives’ deduction

    Specified agricultural or horticultural cooperatives are allowed a Section 199A(g) deduction for income attributable to domestic production activities, which is similar to the domestic production activities deduction under former Section 199 before its repeal by the TCJA. Cooperatives cannot pass through any portion of their Section 199A(g) deduction to patrons structured as C corporations, unless they are specified agricultural or horticultural cooperatives. The proposed regulations provide guidance to cooperatives and patrons regarding the Section 199A(g) deduction.

    IRS and Treasury welcome public comments on these proposed regulations and notice of proposed revenue procedure. For details on submitting comments, see the proposed regulations and notice. Taxpayers may rely on these proposed regulations if they apply the rules in their entirety until final regulations are published.

    Updates on the implementation of the TCJA can be found on the Tax Reform page of IRS.gov.


<< First  < Prev   1   2   3   4   5   ...   Next >  Last >> 
©2019, Virginia Society of Tax & Accounting Professionals, formerly The Accountants Society of Virginia, 
is a 501(c)6 non-profit organization.

PO Box 3363 | Warrenton, VA 20188 | Phone: (800) 927-2731 | Fax: (888) 403-0920 | asv@virginia-accountants.org

Powered by Wild Apricot Membership Software